Malware Targeting Online Poker Players Spies on Victims' Cards

When playing poker, online or offline, players often watch for cheaters, as high stakes can be on the line.

Evidence of a bizarre form of cheating has come forward, leading many players to speculate that they are targets: attackers are going after users of two of the world's most popular online gaming websites. Several hundred gamblers on the PokerStars and Full Tilt Poker websites have been infected with some form of the cheating malware, ESET security researcher Robert Lipovsky reported.

“Every once in a while, though, we stumble upon something that stands out, something that doesn’t fall into the ‘common’ malware categories that we encounter every day—such as ransomware, banking trojans, or targeted attacks (APTs)—just to name a few of those that are currently causing the most problems,” Lipovsky wrote in a blog post published last week. “Today, we’re bringing you one of those uncommon threats—a trojan devised to target players of online poker.”

The latest piece of Windows malware, dubbed Odlanor, comes two years after ESET warned of the PokerAgent botnet, another malware-based poker theft scheme, which spread through Facebook and targeted users of the Zynga Poker app.

ESET researchers posted a photo of the malware code that searches for PokerStars and Full Tilt Poker related information.

According to ESET, the trojan spying on poker players is a bit more complex. The researchers describe how it works:

“Like a typical computer trojan, users usually get infected with Win32/Spy.Odlanor unknowingly when downloading some other, useful application from sources different than the official websites of the software authors. This malware masquerades as benign installers for various general purpose programs, such as Daemon Tools or µTorrent. In other cases, it was loaded onto the victim’s system through various poker-related programs – poker player databases, poker calculators, and so on – such as Tournament Shark, Poker Calculator Pro, Smart Buddy, Poker Office, and others.

“Once executed, the Odlanor malware will be used to create screenshots of the window of the two targeted poker clients – PokerStars or Full Tilt Poker, if the victim is running either of them. The screenshots are then sent to the attacker’s remote computer.

“Afterwards, the screenshots can be retrieved by the cheating attacker. They reveal not only the hands of the infected opponent but also the player ID. Both of the targeted poker sites allow searching for players by their player IDs, hence the attacker can easily connect to the tables on which they’re playing.

“We are unsure whether the perpetrator plays the games manually or in some automated way.”

ESET researchers said they discovered several variations of the malware across a number of sites, dating back to as early as March of this year. Attackers are mainly targeting online gamblers in the Czech Republic, Poland and Hungary, the security firm added. Researchers said they believe several hundred users are infected with some variation of the malware.

The company noted that the malware can be extremely dangerous and advised poker players everywhere to watch out for this threat.